Malware, short for malicious software, is software designed to infiltrate a computing device without the owner's informed consent. The expression “malware” is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. Malware may include, but is not limited to computer viruses, worms, Trojan horses, spyware, dishonest adware, crimeware, and rootkits. Malware can be loaded into a computing device during a variety of timeframes, however, malware that is loaded during the early stages of a computing device's boot process is particularly difficult to detect and/or prevent because such malware has the potential to subvert and compromise the computing device before an operating system and its corresponding defenses are loaded.
Current computer devices that load and run an operating system are largely reliant on anti-virus programs for protection from malware. Anti-virus programs typically assume that the system is in a clean state when they are loaded into memory. This assumption is made because the anti-virus programs execute within the operating system, and expect the operating system kernel to be loaded before any additional software. Therefore, malware that is loaded before an operating system, such as during the device's boot process, has significant potential to subvert an anti-virus program's security measures. Computing devices with embedded systems that do not support an operating system are at similar risk for malware being loaded during initial system setup and may be further hampered by a lack of any type of antivirus protection because they may not have an operating system.
While the potential threat of malware execution during the system startup for a computing device is well known, solutions to mitigate such malware threats are lacking. In an effort to try to address malware threats during a system booting sequence, Intel® has introduced the Trusted Execution Technology (TXT) to help provide a protected launch environment. The Intel® environment is provided through the use of software hashing, launch control policies, and BIOS authentication techniques. While the Intel® TXT can be effective in measuring the system state at boot time, it does not fully address mitigating threats in this environment because it deactivates protected computing devices when it recognizes a malware infection. Shut-down computing devices may wait a significant amount of time before an experienced computer professional is able to diagnose the cause of the malware shutdown, remove the problem, and reload any necessary software or firmware. Such downtime is unacceptable, especially for high priority computing devices such as those in hospitals, businesses, financial institutions, law enforcement agencies, governments, and the military. In addition to this shortcoming, to be most effective, TXT must also be built into the hardware for a specific system configuration.
Therefore, there is a need for a flexible and reliable method of reducing an impact of malware during a booting sequence for an interrupt driven computing device without having to deactivate or shut down the computing device.